Azure Stack IaaS – part 3

This blog post was co-authored by David Armour, Principal PM Manager, Azure Stack, and Tiberiu Radu, Senior Program Manager, Azure Stack.

Foundation of Azure Stack IaaS

Remember back in the virtualization days when you had to pick a host for your virtual machine? Some of my business units could tell by the naming convention the make and manufacturer of the hardware. Using this knowledge, they’d fill up the better gear first, leaving the teams that didn’t know better with the oldest hosts.

Clouds take a different approach. Instead of hosts, VMs are placed into a pool of capacity. The physical infrastructure is abstract. The compute, storage, and networking resources consumed by the VM are defined through software.

Azure Stack is an instance of the Azure cloud that you can run in your own datacenter. Microsoft has taken the experience and technology from running one of the largest clouds in the world to design a solution you can host in your facility. This forms the foundation of Azure Stack’s infrastructure-as-a-service (IaaS).

Let’s explore some of the characteristics of the Azure Stack infrastructure that allow you to run cloud-native VMs directly in your facility.

Cloud inspired hardware

Microsoft employees can’t just purchase their favorite server and rack it into an Azure datacenter. The only servers that enter an Azure datacenter have been specifically built for Azure. Not only are the servers built for Azure, so are the networking devices, the racks, and the cabling. This extreme standardization allows the Azure team to operate an Azure datacenter with just a handful of employees. Because all the servers are standardized and can be uniformly operated and automated, adding additional capacity to a datacenter doesn’t require hiring more employees to operate them.

Another advantage of standardizing hardware configurations is that it leads to expected, repeatable results – not only for Microsoft and Azure, but for its customers. The hardware integration has been validated and is a known recipe. Servers, storage, networking, cabling layout, and more are all well-known, and based on these recipes the ordering, delivery, and integration of new hardware components, as well as servicing and eventual retirement, are repeatable and scalable. The full end-to-end validation of these configurations is done once, with quick checks in place when the capacity is delivered and installed.

These principles are applied to Azure Stack solutions as well. The configurations, their capabilities, and validation are all well-known, and the result is a repeatable and supportable product. Microsoft, its partners, and most importantly the end customer benefit. While an Azure Stack customer is limited to the defined partner solutions, they have been built with reasonable flexibility so the customer can choose the specific capabilities or capacities required. Please note, there is one exception – the Azure Stack Development Kit (ASDK) allows you to install Azure Stack on any hardware that meets the hardware requirements. The ASDK is for evaluation purposes and is not supported as a production environment.

Learn more:

Azure Stack Capacity Planner
Best practices for planning Azure Stack deployment and post-deployment integrations with Azure

Azure Stack hardware partnerships

Microsoft has partnered and co-engineered solutions with a variety of hardware partners or OEMs. The benefit is that Azure Stack can meet you where your existing relationships exist. These relationships may be based on existing hardware purchasing agreements, geographic location, or support capabilities. Keeping in mind the principles of operating a solution in a well-defined manner, Microsoft has set minimum requirements for Azure Stack hardware solutions. Each of our partners can then choose from their portfolio the components, servers, and network switches that best meet your needs. This creates a well-defined variety that continues to be supportable and delivers the overall solution value.

Our current solutions partners are as follows:

Resiliency to failure

One of the principles we have taken from Microsoft’s experience in the enterprise and from Azure is overall solution resilience. The world of software and hardware is not perfect; things fail – cables go bad, software has bugs, power outages occur, and on and on. While we work to build better software and with our solution partners to continually improve, we must expect that things fail. Azure Stack solutions are not perfect, but have been constructed with the intent to overcome the common points of failure. For example, each copy of tenant/user data is stored on three separate storage devices in three separate servers. The physical network paths are redundant and provide better performance and resiliency to potential failure. The internal software of Azure Stack consists of services that coordinate across multiple instances. This type of end-to-end architectural design and implementation leads to a better end experience. Combining this approach to infrastructure resilience with the well-known and validated solutions approach described above provides a better experience for the customer.

Learn more:

Understanding architectural patterns and practices for business continuity and disaster recovery on Microsoft Azure Stack

Hardened by default

When you run your IaaS VMs in Azure Stack you should know they are running on a secure foundation. It turns out that one of the reasons people select Azure Stack is that they have data and/or processes that are either regulated or defined in a contractual agreement. Azure Stack not only gives its owners control of their data and processes, it comes with an infrastructure which is secured by default. In fact, the underlying infrastructure is locked down in a way that neither the owner nor Microsoft can access it. If it ever needs to be accessed because of a support issue, both the owner and Microsoft combine their keys to obtain access to the system, and only for a limited time.

Azure leads the industry in security compliance, and security compliance is important for Azure Stack as well. In Azure, Microsoft fully manages the technology, people, and processes as well as its compliance responsibilities. Things are different with Azure Stack. While the technology is provided by Microsoft, the people and processes are managed by the operator. To help operators jump-start the certification process, Azure Stack has gone through a set of formal assessments by a third-party, independent auditing firm to document how the Azure Stack infrastructure meets the applicable controls from several major compliance standards. Because the standards include several personnel-related and process-related controls, the documentation is an assessment of the technology, not a certification of Azure Stack, but it helps you get started. The technology assessments include the following standards:

PCI-DSS – Addresses the payment card industry
CSA Cloud Control Matrix – A comprehensive mapping across multiple standards, including FedRAMP Moderate, ISO27001, HIPAA, HITRUST, ITAR, NIST SP800-53, and others
FedRAMP High – For government customers

To download the Azure Stack compliance documentation, please see "Azure Security and Compliance Additional Frameworks."

Learn more:

Azure Trust Center
Azure Stack infrastructure security posture
Security and compliance in Azure Stack
Using the privileged endpoint in Azure Stack

Get started by reviewing your options

As noted earlier, Azure Stack is sold as an integrated hardware system, with software pre-installed on the validated hardware. It typically comes in a standard server rack. You choose where your system will be located. You can host it in your data center or perhaps you want to run it in a service provider’s facility.

With the Azure Stack running in your location of choice, you also have a choice of who operates the Azure Stack infrastructure. An Azure Stack operator is responsible for giving access to the Azure Stack, keeping the software and firmware up-to-date, providing the content in the marketplace, monitoring the system health, and diagnosing issues. Azure Stack provides automation, documentation, and training for all of these processes so that someone from your organization can operate Azure Stack. We also provide trained partner experts who can operate your Azure Stack either in their facility or yours.

Here is an overview of your options when you acquire your Azure Stack:

A system you manage

Typically on-premises
You control management and ops
Buy Azure Stack from Microsoft
Buy hardware from the vendor
Call Microsoft for support

A managed service

Typically at service provider premises
Service is managed for you
Buy service from service provider
Service includes hardware and software
Call the service provider for support

Learn more:

Azure Stack operator documentation
Azure Stack technology and service partners

Tuning your IaaS VMs for a cloud infrastructure

Once you have your Azure Stack up and running and you begin to plan your first IaaS VM deployments, you need to think about these VMs as cloud deployments, not virtualization deployments. IaaS VMs run best when they take advantage of the cloud infrastructure that they are running on. Many times, the way you tune a VM in your cloud infrastructure will be very different than the way you tuned VMs in your traditional virtualization environment. That said, you can always start with what you already have and improve those solutions through modern operations.

A great example of this is the use of multiple disks to get the IOps and throughput the application requires. As is the case in Azure, virtual machines placed in Azure Stack have limits applied for their disk activity. This limits the impact of one VM’s activity on another VM – aka noisy neighbor. While these limits are great for IaaS environments, it may take extra work to deploy workloads so that they get the resources they need, which in this example is IOps.

For optimization of SQL Server deployments, our documentation provides guidance on how to configure storage to obtain the needed performance. In this case, the approach is to attach multiple disks and stripe them to obtain the capacity and performance. When you use managed disks for your VMs, it allows the system to optimize where the physical data gets stored within your Azure Stack. Moving from virtualization environments to IaaS is reasonably straightforward and has its benefits, but requires a little bit of work on your first deployment. You can always use tools like Azure Monitor and the Virtual Machine solutions to better understand your workloads and gain insights on the performance of your VMs. When your VMs are not meeting the performance requirements, you can also use the Azure Performance Diagnostics VM Extension for Windows to troubleshoot and identify potential bottlenecks.

The great thing about IaaS, and specifically Azure Stack, is the ability to easily reuse the deployment templates or artifacts to reduce the work for migration of similar workloads. We will cover this more in a future blog post.

Learn more:

Create virtual machine disk storage in Azure Stack
Optimize SQL Performance on Azure Stack
Azure Managed Disks Overview
Frequently asked questions about Azure IaaS VM disks
Considerations for Managed Disks on Azure Stack

Infrastructure purpose built for running cloud-native VMs

Few organizations can claim that they have experience building one of the largest cloud infrastructures in the world. When you buy an Azure Stack, you get the benefit of Microsoft’s Azure experience. Microsoft has partnered with the best OEMs to deliver a standardized configuration so that you don’t have to worry about these details. The infrastructure of Azure Stack is purpose-built to get the best for your IaaS VMs – keeping them safe, secure, and performant.

Learn more:

How to buy Azure Stack
Azure Stack datacenter integration

In this blog series

We hope you come back to read future posts in this blog series. Here are some of our past and upcoming topics:

Azure Stack at its core is an Infrastructure-as-a-Service (IaaS) platform
Start with what you already have
Fundamentals of IaaS
Do it yourself
Pay for what you use
It takes a team
If you do it often, automate it
Protect your stuff
Build on the success of others
Journey to PaaS

Source: Azure

Save the Date: OpenShift Commons Gathering at Red Hat Summit announces speakers from NASA, Volkswagen, Microsoft Azure and Eli Lilly

Check out the packed Agenda for the OpenShift Commons Gathering in Boston on May 6th! The OpenShift Commons Gathering will feature speakers from NASA, Volkswagen, Microsoft Azure and Red Hat’s CEO Jim Whitehurst. The OpenShift Commons Gathering at Red Hat Summit brings together experts from all over the world to discuss the container technologies, operators, the […]
Source: OpenShift

Advancing academic research through our relationship with Internet2

Research from universities and higher education institutions plays an important role in driving innovation and social impact, and an increasing number of these organizations are turning to the cloud to do it. Today, we’re announcing a new agreement with Internet2, the advanced technology consortium of universities and research institutions, to offer special benefits under Google Cloud Platform (GCP) for their members.

Internet2 is a member-driven advanced technology community that includes 316 U.S. universities, 60 government agencies, 59 corporations, and 43 regional and state education networks. In addition, it collaborates with research and education network partners that represent more than 100 countries. Their NET+ program provides a portfolio of reliable cloud and trust solutions to help higher education and research institutions solve common technology challenges. As part of this program, we’re offering Internet2 higher education members key enhancements to our standard GCP education terms.

“We’re really excited about this development with Google Cloud,” said Kevin Morooney, vice president of trust and identity at Internet2. “Many of our stakeholders are already leveraging Google Cloud services and this is another way that NET+ can help campuses create the relationships they need with key infrastructure providers.”

Key benefits for Internet2 community

NET+ Google Cloud Platform for Education provides access to GCP with the following benefits:

Discounted educational pricing for Internet2 member institutions, as well as egress waivers for data egress fees.
Free deployment and training for Internet2 member institutions to facilitate onboarding and training.
Successful completion of the peer-driven NET+ Service Validation process to help facilitate community security, accessibility, and contractual standards.
Free Orbitera cloud billing reporting and analytics and Business Associates Agreements through Carahsoft, a leading IT solutions provider.
Pre-negotiated, custom contract with Internet2 member institutions for the NET+ community.
Access to Google TPUs (10-30x faster than GPUs), and services like AutoML and Cloud ML Engine.
Vertically-integrated security model with low latency and high responsiveness from the world’s largest private cloud network, as well as provisions addressing compliance with key regulations and standards, including FERPA and FedRAMP, among others.
Layer 3 routed access to Google for greater speed and security through Internet2 Cloud Exchange.

Enabling peer-driven review through NET+ Service Validation

Member Internet2 institutions can also benefit from customizing their GCP services through a peer-driven review process. The NET+ Service Validation process helps them collectively identify and vet cloud solutions that the community believes can be effective in addressing their security and accessibility requirements, allowing them to negotiate contractual and pricing terms specifically for their teaching, learning, and research needs.

“The NET+ GCP service validation process has given Indiana University access to a unique offering. This includes a community of technical resources and a collaborative environment to think strategically on how to design this cloud service offering—something we could not have done on our own,” said Bob Flynn, Manager, Cloud Technology Support at Indiana University. “Cloud adoption is essential for our community to stay competitive in the global marketplace. We are excited to provide the GCP toolset to our teaching, learning, and research communities to see where their imaginations can take it.”

Meet us at Internet2’s Global Summit

We’ve been hosting sessions sharing our best practices on topics like trust and identity management and improving reproducibility in scientific research during the 2019 Internet2 Global Summit in Washington, D.C., March 5-8th. Participating institutions like Columbia University will share how they’re using Google Cloud to develop cloud architectures and tools that support their research. If you’ll be attending the summit, please stop by the Google Cloud booth—we’d love to say hello. Talk to members of our team or set up a meeting to get started.

To learn more about GCP, visit our website or contact us.
Source: Google Cloud Platform

Last month today: February on the Google Cloud blog

There’s never a dull moment in cloud technology, as cloud app development and infrastructure mature and there are more ways to manage and use cloud data. February’s highlights included plenty of news. Here’s what was popular last month on the Google Cloud Platform (GCP) blog.

Bringing cloud home

Hybrid cloud continues to grow, with the announcement last month of our Cloud Services Platform, a software-based approach to incorporate GCP services into your on-premises infrastructure. CSP is built on top of open-source technologies like Kubernetes and Istio, and deploys Google Kubernetes Engine (GKE) On-Prem to remotely manage on-prem clusters. The bottom line: With CSP, you can build and manage a less disruptive, more flexible hybrid cloud.

More ways to containerize and build apps

Open-source tool Jib became generally available last month, making it easier to containerize Java applications. Previously, developers dealt with slow build times and too-large containers when containerizing these apps. Besides the ability to dockerize Maven and Gradle projects, Jib 1.0 adds the ability to dockerize WAR projects, integration with Skaffold for Kubernetes development, and Jib Core, a container library for Java.

Cloud Firestore is now generally available, too, bringing a NoSQL database that’s ideal for use with web, mobile and IoT applications. Though Cloud Firestore is part of GCP’s database family, it’s really a data back end that includes edge storage, security and synchronization features, among other things. Developers using Cloud Firestore can build apps that update quickly, even if connectivity is spotty.

Play with your data

We released six new cryptocurrency blockchain data sets last month as part of our BigQuery public data sets. Making this data publicly available means you can access and explore this data to better understand blockchain and to integrate it into your applications—for example, to compare the ways in which these different blockchains query payments and receipts.

And finally, there’s a new way to explore BigQuery without entering credit card information. The new BigQuery sandbox makes it easy to explore this serverless data warehouse to run SQL queries over both large and small data sets. As a BigQuery sandbox user, you can access the same compute power as paying users, and just like paying users, you get to use new capabilities like BigQuery Machine Learning and BigQuery Geospatial Information Systems. BigQuery sandbox provides you with up to 1 terabyte per month of query capacity and 10GB of free storage.

Till next month, we wish you happy data integration and fruitful cloud building. Don’t forget to check out our Next ‘19 site to register and see the session listings.
Source: Google Cloud Platform

Spaceflight: SpaceX – The Return of the Dragon

A successful landing makes for a successful flight, but not yet a successful mission. Only after the data has been evaluated can the mission of SpaceX's Crew Dragon be definitively declared a success. This much can be revealed: it looks good. (SpaceX, Nasa)
Source: Golem